Vulnerability Management, Threat Intelligence, Patch/Configuration Management

Malicious kernel driver deployment possible via macOS vulnerability


BleepingComputer reports that threat actors could leverage a recently addressed macOS vulnerability, tracked as CVE-2024-44243, to bypass System Integrity Protection (SIP), the operating system's safeguard against malware and other cybersecurity threats, and thereby load malicious kernel drivers.

Aside from enabling rootkit installation, exploiting the flaw could also result in the establishment of persistent and unremovable malware, as well as the evasion of Transparency, Consent, and Control (TCC) security checks, an analysis from Microsoft showed. "Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes," said Microsoft. Such findings come amid the growing prevalence of macOS vulnerabilities that enable circumvention of the operating system's security defenses. These include the Migraine and Shrootless SIP bypass issues, tracked as CVE-2023-32369 and CVE-2021-30892, respectively; the Achilles flaw, tracked as CVE-2022-42821, which sidesteps Gatekeeper execution restrictions to enable malware delivery; and the powerdir bug, tracked as CVE-2021-30970, which allowed protected data to be compromised via a TCC bypass.
